From aaa0331ecf95ced1e913ac9be50168cf0e7cbb82 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Tue, 30 Jan 2007 12:21:07 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (2.8.2) --- doc/src/interop.html | 1802 -------------------------------------------------- 1 file changed, 1802 deletions(-) delete mode 100644 doc/src/interop.html (limited to 'doc/src/interop.html') diff --git a/doc/src/interop.html b/doc/src/interop.html deleted file mode 100644 index dd4f8c577..000000000 --- a/doc/src/interop.html +++ /dev/null @@ -1,1802 +0,0 @@ - - - - FreeS/WAN interoperation Grid - - - - - -

Interoperating with FreeS/WAN

- - -

The FreeS/WAN project needs you! We rely on the user community to keep -up to date. Mail users@lists.freeswan.org with your -interop success stories.

- -

Please note: Most of our interop examples feature -Linux FreeS/WAN 1.x config files. You can convert them to 2.x files fairly -easily with the patch in our -Upgrading Guide. -

- -

Interop at a Glance

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 FreeS/WAN VPNRoad WarriorOE
 PSKRSA SecretX.509
(requires patch)
NAT-Traversal
(requires patch)
Manual
Keying
  
More Compatible
FreeS/WAN - YesYesYesYesYesYesYes
isakmpd (OpenBSD) - Yes Yes Yes No    
Kame (FreeBSD, -
NetBSD, MacOSX) -
aka racoon
- 
YesYesYes Yes No
McAfee VPN
was PGPNet
- 
YesYesYes  YesNo
Microsoft
Windows 2000/XP
- 
Yes Yes  YesNo
SSH Sentinel - Yes YesMaybe YesNo
Safenet SoftPK
/SoftRemote
- 
Yes Yes  YesNo
Other
6Wind -   Yes   No
Alcatel Timestep - Yes     No
Apple Macintosh
System 10+
- 
MaybeYesMaybe Maybe No
AshleyLaurent
VPCom
- 
Yes     No
Borderware - Yes    NoNo
Check Point FW-1/VPN-1 - Yes Yes  YesNo
Cisco with 3DES - YesMaybe Maybe  No
Equinux VPN Tracker
-(for Mac OS X) -
- 
YesYesYes Maybe No
F-Secure - Yes  MaybeYesYesNo
Gauntlet GVPN - Yes Yes   No
IBM AIX - Yes Maybe   No
IBM AS/400 - Yes     No
Intel Shiva
LANRover/Net Structure
- 
Yes     No
LanCom (formerly ELSA) - Yes     No
Linksys - Maybe No  YesNo
Lucent - Partial     No
Netasq -   Yes   No
netcelo -   Yes   No
Netgear fvs318 - Yes     No
Netscreen 100
or 5xp
- 
Yes    MaybeNo
Nortel Contivity - Partial YesMaybe  No
RadGuard - Yes     No
Raptor - Yes   Yes No
Redcreek Ravlin - Yes/Partial     No
SonicWall - Yes   MaybeNoNo
Sun Solaris - Yes Yes Yes No
Symantec - Yes     No
Watchguard
Firebox
- 
Yes   Yes No
Xedia Access Point
/QVPN
- 
Yes     No
Zyxel Zywall
/Prestige
- 
Yes     No
 PSKRSA SecretX.509
(requires patch)
NAT-Traversal
(requires patch)
Manual
Keying
  
 FreeS/WAN VPNRoad WarriorOE
- - - - -

Key

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
YesPeople report that this works for them.
[Blank]We don't know.
NoWe have reason to believe -it was, at some point, not possible to get this to work.
PartialPartial success. For example, a connection can be -created from one end only.
Yes/PartialMixed reports.
MaybeWe think the answer is "yes", but need confirmation.
- -

Basic Interop Rules

- -

Vanilla -FreeS/WAN implements these parts of the -IPSec specifications. You can add more with -Super FreeS/WAN, -but what we offer may be enough for many users.

- - - -

We offer a set of proposals which is not user-adjustable, but covers -all combinations that we can offer. -FreeS/WAN always proposes triple DES encryption and -Perfect Forward Secrecy (PFS). -In addition, we propose Diffie Hellman groups 5 and 2 -(in that order), and MD5 and SHA-1 hashes. -We accept the same proposals, in the same order of preference. -

- -

Other interop notes:

- - -

Longer Stories

- - -

For More Compatible Implementations

- - -

FreeS/WAN

- -

-See our documentation at freeswan.org -and the Super FreeS/WAN docs at -freeswan.ca. -Some user-written HOWTOs for FreeS/WAN-FreeS/WAN connections -are listed in our Introduction. -

- -

See also:

- - - - -

Back to chart

- - -

isakmpd (OpenBSD)

- -

OpenBSD FAQ: Using IPsec
-Hans-Joerg Hoexer's interop Linux-OpenBSD (PSK)
-Skyper's configuration (PSK) -
- -French page with configs (X.509) - - -

- -

Back to chart

- - -

Kame

- - - -

Kame homepage, with FAQ
-NetBSD's IPSec FAQ
-Ghislaine's post explaining some interop peculiarities -

-

-Itojun's Kame-FreeS/WAN interop tips (PSK)
-Ghislaine Labouret's French page with links to matching FreeS/WAN and Kame configs (RSA)
-Markus Wernig's -HOWTO (X.509, BSD gateway)
-Frodo's Kame-FreeS/WAN interop (X.509)
-Kame as a WAVEsec client. -

- -

Back to chart

- - -

PGPNet/McAfee

- -

-

-

-Tim Carr's Windows Interop Guide (X.509)
-Hans-Joerg Hoexer's Guide for Linux-PGPNet (PSK)
-Kai Martius' instructions using RSA Key-Extractor Tool (RSA)
-    Christian Zeng's page (RSA) based on Kai's work. English or German.
- -Oscar Delgado's PDF (X.509, no configs)
-Ryan's HOWTO for FreeS/WAN-PGPNet (X.509). Through a Linksys Router with IPsec Passthru enabled.
-Jean-Francois Nadeau's Practical Configuration (Road Warrior with PSK)
-Wouter Prins' HOWTO (Road Warrior with X.509)
-

-

-Rekeying problem with FreeS/WAN and older PGPNets
-

- -

-DHCP over IPSEC HOWTO for FreeS/WAN (requires X.509 and dhcprelay patches) - -

- -

Back to chart

- - -

Microsoft Windows 2000/XP

- - - -

-Tim Carr's Windows Interop Guide (X.509)
- -James Carter's -instructions (X.509, NAT-T)
- - -Jean-Francois Nadeau's Net-net Configuration (PSK)
- - -Telenor's Node-node Config (Transport-mode PSK)
- -Marcus Mueller's HOWTO using his VPN config tool (X.509). Tool also works with PSK.
- - -Nate Carlson's HOWTO using same tool (Road Warrior with X.509). Unusually, -FreeS/WAN is the Road Warrior here.
- - -Oscar Delgado's PDF (X.509, no configs)
- -Tim Scannell's Windows XP Additional Checklist (X.509)
-

- - - -

- -Microsoft's page on Win2k TCP/IP security features
- - -Microsoft's Win2k IPsec debugging tips
- - - -MS VPN may fall back to 1DES -

- -

Back to chart

- - -

SSH Sentinel

- - - -

-SSH's Sentinel-FreeSWAN interop PDF (X.509)
-Nadeem Hassan's -SUSE-to-Sentinel article (Road warrior with X.509)
-O-Zone's Italian HOWTO (Road Warrior, X.509, DHCP)
-

- - -

Back to chart

- - - -

Safenet SoftPK/SoftRemote

- - - -

- -Whit Blauvelt's SoftRemote tips
- -Tim Wilson's tips (X.509) -Workaround for a "gotcha" -

- -

-Jean-Francois Nadeau's -Practical Configuration (Road Warrior with PSK)
- -Terradon Communications' PDF (Road Warrior with PSK)
- -Seaan.net's PDF (Road Warrior to Subnet, with PSK) -
- -Red Baron Consulting's PDF (Road Warrior with X.509) -

- -

Back to chart

- - - - - - - - -

For Other Implementations

- - - -

6Wind

- -

- - -French page with configs (X.509) - -

- -

Back to chart

- - - -

Alcatel Timestep

- -

- -Alain Sabban's settings (PSK or PSK road warrior; through static NAT)
- -Derick Cassidy's configs (PSK)
- -David Kerry's Timestep settings (PSK) -
- -Kevin Gerbracht's ipsec.conf (X.509) -

- -

Back to chart

- - - -

Apple Macintosh System 10+

- - - - -

-James Carter's -instructions (X.509, NAT-T) -

- - -

Back to chart

- - - - - - -

AshleyLaurent VPCom

- -

- -Successful interop report, no details -

- -

Back to chart

- - -

Borderware

- - - -

- -Philip Reetz' configs (PSK)
- - -Borderware server does not support FreeS/WAN road warriors
- -Older Borderware may not support Diffie Hellman groups 2, 5
-

- - -

Back to chart

- - - -

Check Point VPN-1 or FW-1

- - - -

- -AERAsec's Firewall-1 NG site (PSK, X.509, Road Warrior with X.509, -other algorithms)
-     - -AERAsec's detailed Check Point-FreeS/WAN support matrix
-Checkpoint.com PDF: Linux as a VPN Client to FW-1 (PSK)
- -PhoneBoy's Check Point FAQ (on Check Point -only, not FreeS/WAN)
- -

- -

-Chris -Harwell's tips & FreeS/WAN configs (PSK)
- -Daniel -Tombeil's configs (PSK) - -

- -

Back to chart

- - -

Cisco

- - - - -

-SANS Institute HOWTO (PSK). Detailed, with extensive references.
-Short HOWTO (PSK)
- -French page with configs for Cisco IOS, PIX and VPN 3000 (X.509) -
- -Dave -McFerren's sample configs (PSK)
-Wolfgang -Tremmel's sample configs (PSK road warrior)
- -Old doc from Pete Davis, with William Watson's updated Tips (PSK)
-

- -

Some PIX specific information:
- - -Waikato Linux Users' Group HOWTO. Nice detail (PSK) -
- -John Leach's configs (PSK) -
- -Greg Robinson's settings (PSK) -
- -Scott's ipsec.conf for PIX (PSK, FreeS/WAN side only)
-Rick -Trimble's PIX and FreeS/WAN settings (PSK)
-

- - - -

-Cisco VPN support page
- -Cisco IPsec information page -

- -

Back to chart

- - - - -

Equinux VPN tracker (for Mac OS X)

- - - - -

-Equinux provides this -excellent interop PDF (PSK, RSA, X.509). -

- -

Back to chart

- - -

F-Secure

- - - -

pingworks.de's - "Connecting F-Secure's VPN+ to Linux FreeS/WAN" (PSK road warrior)
-    Same thing as PDF
-Success report, no detail (PSK)
-Success report, no detail (Manual) -

- - - -

Back to chart

- - - -

Gauntlet GVPN

- -

-Richard Reiner's ipsec.conf (PSK) -
- -Might work without that pesky firewall... (PSK)
- -In late July, 2003 Alexandar Antik reported success interoperating -with Gauntlet 6.0 for Solaris (X.509). Unfortunately the message is not -properly archived at this time. -

- -

Back to chart

- - - -

IBM AIX

- -

-IBM's "Built-In Network Security with AIX" (PSK, X.509)
- -IBM's tip: importing Linux FreeS/WAN settings into AIX's ikedb -(PSK) -

- -

Back to chart

- - - -

IBM AS/400

- - - -

-Richard Welty's tips and tricks
-

- -

Back to chart

- - - -

Intel Shiva LANRover / Net Structure

- - - -

- -Snowcrash's configs (PSK)
- - -Old configs from an interop (PSK)
- - -The day Shiva tickled a Pluto bug (PSK)
- -     - -Follow up: success! -

- -

Back to chart

- - - -

LanCom (formerly ELSA)

- - - -

-Jakob Curdes successfully created a PSK connection with the LanCom 1612 in -August 2003. - -

- -

Back to chart

- - - -

Linksys

- - - -
As tunnel endpoint
-

- -Ken Bantoft's instructions (Road Warrior with PSK)
- -Nate Carlson's caveats -

- -
In IPsec passthrough mode
-

- -Sample HOWTO through a Linksys Router
- -Nadeem Hasan's configs
- -Brock Nanson's tips
-

- -

Back to chart

- - -

Lucent

- -

- -Partial success report; see also the next message in thread -

- - -

Back to chart

- - -

Netasq

- -

- -French page with configs (X.509) - -

- - -

Back to chart

- - - -

Netcelo

- -

- -French page with configs (X.509) - - - -

- -

Back to chart

- - - -

Netgear fvs318

- - - -

- -John Morris' setup (PSK) -

- -

Back to chart

- - - -

Netscreen 100 or 5xp

- -

- -Errol Neal's settings (PSK)
- -Corey Rogers' configs (PSK, no PFS)
- -Jordan Share's configs (PSK, 2 subnets, through static NAT)
- -Set src proxy_id to your protected subnet/mask
- - -French page with ipsec.conf, Netscreen screen shots (X.509, may -need to revert to PSK...) - -

-

- -A report of a company using Netscreen with FreeS/WAN on a large scale -(FreeS/WAN road warriors?) -

- -

Back to chart

- - - -

Nortel Contivity

- - - -

- -JJ Streicher-Bremer's mini HOWTO for old & new software. (PSK with two subnets) -
- -French page with configs (X.509). This succeeds using the above X.509 tip. -

- - - -

Back to chart

- - -

Radguard

- -

- -Marko Hausalo's configs (PSK). Note: These do create a connection, -as you can see by "IPsec SA established".
- - -Claudia Schmeing's comments -

- -

Back to chart

- - -

Raptor (NT or Solaris)

- -

- -

- -

- -Peter Mazinger's settings (PSK)
- - -Peter Gerland's configs (PSK)
- - -Charles Griebel's configs (PSK).
- - -Lumir Srch's tips (PSK) - -

- -

- -John Hardy's configs (Manual)
- - -Older Raptors want 3DES keys in 3 parts (Manual).
- - -Different keys for each direction? (Manual)
- -

- -

Back to chart

- - - -

Redcreek Ravlin

- - - -

Back to chart

- - - -

SonicWall

- - - -

-Paul Wouters' config (PSK)
- -Dilan Arumainathan's configuration (PSK)
-Dariush's setup... only opens -one way (PSK)
- -Andreas Steffen's tips (X.509)
- -

- -

Back to chart

- - - -

Sun Solaris

- - -

- -Reports of some successful interops from a fellow @sun.com. -See also these follow up posts.
- -Aleks Shenkman's configs (Manual in transport mode) -
- -

- -

Back to chart

- - - -

Symantec

- - - -

-Andreas Steffen's configs for Symantec 200R (PSK) -

- -

Back to chart

- - - - -

Watchguard Firebox

- - - -

- -WatchGuard's HOWTO (PSK)
- -Ronald C. Riviera's Settings (PSK)
- -Walter Wickersham's Notes (PSK)
- - -Max Enders' Configs (Manual) -

- -

- -Old known issue with auto keying
- - -Tips on key generation and format (Manual)
-

- -

Back to chart

- - - -

Xedia Access Point/QVPN

- -

- -Hybrid IPsec/L2TP connection settings (X.509) -
- - Xedia's LAN-LAN links don't use multiple tunnels -
-     - - That explanation, continued - -

- -

Back to chart

- - - -

Zyxel

- - -

- -Zyxel's Zywall to FreeS/WAN instructions (PSK)
- -Zyxel's Prestige to FreeS/WAN instructions (PSK). Note: not all Prestige -versions include VPN software.
- -Fabrice Cahen's - HOWTO (PSK)
-     -

- -

Back to chart

- - - - - - -- cgit v1.2.3
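Review bot: the commit subject gives no reason for deleting doc/src/interop.html in full (the single hunk `@@ -1,1802 +0,0 @@`), so a reader of the history cannot tell whether upstream 2.8.2 dropped the interop grid or moved it elsewhere. The removed "Basic Interop Rules" section is where the page states that the proposal set is not user-adjustable (always triple DES and PFS, Diffie Hellman groups 5 and 2 in that order, MD5 and SHA-1 hashes), and the chart and "Key" sections record which peers were reported to work per keying method. Suggest adding a line to the commit message saying where this information lives after the upgrade, or that it was intentionally retired with the FreeS/WAN-era documentation.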